Skip to content
Search AI Powered

Latest Stories

TSA rule would require cyber risk management for railroads

Proposed rule follows White House warning about China hacking efforts against trucking sector.

laptops and cables for hackers

The federal Transportation Security Administration (TSA) yesterday proposed to mandate cyber risk management and reporting requirements for certain surface transportation owners and operators, including those running pipelines and railroads.

The notice of proposed rulemaking suggests a new standard that would require that:


  • certain pipeline, freight railroad, passenger railroad, and rail transit owner/operators with higher cybersecurity risk profiles establish and maintain a comprehensive cyber risk management program;
  • these owner/operators, and higher-risk bus-only public transportation and over-the-road bus owner/operators, currently required to report significant physical security concerns to TSA to also report cybersecurity incidents to CISA; and
  • higher-risk pipeline owner/operators adopt TSA's current requirements for rail and higher-risk bus operations to designate a physical security coordinator and report significant physical security concerns to TSA.

The publication of a “notice of proposed rulemaking” in the Federal Register typically begins a 60-day period for public comment from any interested party, and an additional 30 days for reply comments.

"TSA has collaborated closely with its industry partners to increase the cybersecurity resilience of the nation's critical transportation infrastructure," TSA Administrator David Pekoske said in a release. "The requirements in the proposed rule seek to build on this collaborative effort and further strengthen the cybersecurity posture of surface transportation stakeholders. We look forward to industry and public input on this proposed regulation."

The notice came a week after a White House representative warned the trucking freight industry that the People’s Republic of China (PRC) has remained the most active and persistent cyber threat to the U.S. government, private sector, and critical infrastructure networks. The briefing came from a member of the administration’s Office of the National Cyber Director, in an address to attendees at the National Motor Freight Traffic Association (NMFTA)’s Cybersecurity Conference.

“In January, the National Cyber Director testified in front of Congress along with colleagues from CISA, NSA, and the FBI about this threat from the PRC, dubbed Volt Typhoon,” speaker Stephen Viña said in his remarks. “Volt Typhoon conducted cyber operations focused not on financial gain, espionage, or state secrets but on developing deep access to our critical infrastructure. This includes the energy sector transportation systems, among many others. A prolonged interruption to these critical services could disrupt our ability to mobilize in the event of a national emergency or conflict and can create panic among our citizens. Ultimately, if trucking stops, America stops.”

More Stories

plane hauling air freight cargo

Global air cargo rates reached 2024 high point in November

Worldwide air cargo rates rose to a 2024 high in November of $2.76 per kilo, despite a slight (-2%) drop in flown tonnages compared with October, according to analysis by WorldACD Market data.

The healthy rate comes as demand and pricing both remain significantly above their already elevated levels last November, the Dutch firm said.

Keep ReadingShow less
containers stacked at a port

Supply chain execs wary of three trends in 2025, Moody’s says

Three issues ranking at top of mind for supply chain executives in 2025 will be supply chain restrictions, reputational risk, and quantifying risk exposure, according to Moody’s, a global integrated risk assessment firm.

Each of those points could have a stark impact on business operations, the firm said. First, supply chain restrictions will continue to drive up costs, following examples like European tariffs on Chinese autos and the U.S. plan to prevent Chinese software and hardware from entering cars in America.

Keep ReadingShow less
youngster checking shipping details on smartphone

Survey: older generations are unaware of holiday shipping deadlines

As holiday shoppers blitz through the final weeks of the winter peak shopping season, a survey from the postal and shipping solutions provider Stamps.com shows that 40% of U.S. consumers are unaware of holiday shipping deadlines, leaving them at risk of running into last-minute scrambles, higher shipping costs, and packages arriving late.

The survey also found a generational difference in holiday shipping deadline awareness, with 53% of Baby Boomers unaware of these cut-off dates, compared to just 32% of Millennials. Millennials are also more likely to prioritize guaranteed delivery, with 68% citing it as a key factor when choosing a shipping option this holiday season.

Keep ReadingShow less
shopper returning purchase with smartphone

E-commerce retailers brace for surge in returns

As shoppers prepare to receive—and send back—a surge of peak season e-commerce orders this month, returns will continue to pose a significant cost for the retail industry, with total returns projected to reach $890 billion in 2024, according to a report released today by the National Retail Federation (NRF) and Happy Returns, a UPS company.

Measured over the entire year of 2024, retailers estimate that 16.9% of their annual sales will be returned. But that total figure includes a spike of returns during the holidays; a separate NRF study found that for the 2024 winter holidays, retailers expect their return rate to be 17% higher, on average, than their annual return rate.

Keep ReadingShow less
screenshot of agentic AI for logistics

HappyRobot lands $15.6 million backing for its agentic AI

San Francisco startup HappyRobot has gained $15.6 million in venture funding for its AI platform that automates the communication needs of freight brokerages and other logistics users such as third-party logistics providers and warehouses.

The “series A” round was led by Andreessen Horowitz (a16z), with participation from Y Combinator and strategic industry investors, including RyderVentures. It follows an earlier, previously undisclosed, pre-seed round raised 1.5 years ago, that was backed by Array Ventures and other angel investors.

Keep ReadingShow less